Users' conceptions of web security: a comparative study
CHI '02 Extended Abstracts on Human Factors in Computing Systems
The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Gathering evidence: use of visual security cues in web browsers
GI '05 Proceedings of Graphics Interface 2005
What are you looking for?: an eye-tracking study of information usage in web search
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Exploring User Reactions to New Browser Cues for Extended Validation Certificates
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Passwords: If We're So Smart, Why Are We Still Using Them?
Financial Cryptography and Data Security
Crying wolf: an empirical study of SSL warning effectiveness
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Visual spoofing of SSL protected web sites and effective countermeasures
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
An empirical study of visual security cues to prevent the SSLstripping attack
Proceedings of the 27th Annual Computer Security Applications Conference
Measuring SSL indicators on mobile browsers: extended life, or end of the road?
ISC'12 Proceedings of the 15th international conference on Information Security
Comparative eye tracking of experts and novices in web single sign-on
Proceedings of the third ACM conference on Data and application security and privacy
UAHCI'13 Proceedings of the 7th international conference on Universal Access in Human-Computer Interaction: design methods, tools, and interaction techniques for eInclusion - Volume Part I
Hi-index | 0.00 |
Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.